Should call the configured org.jboss.web.tomcat.security.jaspi.modules.HTTPBasicServerAuthModule and return an HTTP_OK response.

Instead it throws the following exception:

17:57:11,506 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container duringthe request processing: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at org.jboss.security.auth.message.config.JBossServerAuthContext.invokeModules(JBossServerAuthContext.java:168) at org.jboss.security.auth.message.config.JBossServerAuthContext.validateRequest(JBossServerAuthContext.java:142) at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:79) at org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator.authenticate(TomcatJASPIAuthenticator.java:105) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:872) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) at java.lang.Thread.run(Thread.java:619)

This happens on both Jboss6 M2 and Jboss 5.1...

Debugging Jboss6 M2 code I found the following:

The validateRequest method of authmodule is called explicitely by the configured authenticator (through a context call) while in the JSR-196 spec it is said: "At point (2) in the message processing model: The message processing runtime must call the validateRequest method of ServerAuthContext". Can the Authenticator be considered the message processing runtime??

The AuthModule called seems to be HttpServletServerAuthModule and not that configured into the jaspi-webbasic-jboss-beans.xml i. e. HTTPBasicServerAuthModule why?

Is Jboss JSR-196 implementation working?

How can it be configured properly? Is there any detailed documentation?